Government entities have identified certain industry sectors that are critical to that nation or region's security, economy, public health and safety. Examples of industries deemed critical infrastructures include energy, banking and finance, health care and telecommunications. Since these industries rely heavily on computerized information systems and electronic data, government entities have mandated certain computer security requirements for organizations in these sectors to protect against cyber-attacks. In the U.S. energy industry, for example, critical infrastructure protection (“CIP”) standards are written and enforced by the North American Electric Reliability Company (“NERC”).
One of these CIP standards requires tracking of system changes made to computers, network devices and related software within a company. This requires establishment of a baseline configuration for each system and related software so any changes can be tracked. However, existing methods for capturing baseline configurations, such as taking screen shots and copying command line output, can be tedious and time consuming. These capturing techniques also tend to be error-prone, which can result in an error-prone testing process. There are existing software products that gather certain system parameters, but these products do not capture all necessary system information and cannot be used to detect system changes on an on-going basis.
According to one aspect, this disclosure provides a software tool for complying with CIP standards concerning system configuration changes. The tool can be used to automatically identify and track changes to computers on the network, improving system security and CIP compliance reporting. In certain embodiments, the tool collects system information on servers and workstations using built-in commands. A number of profile elements can be collected by the tool, such as installed applications, and network ports and services. The configuration profiles of these computers/devices can be archived for audit purposes. Any changes in configuration profiles are detected based on historical baseline configurations. For example, a daily email or on-demand report, could be generated by the tool to identify any configuration changes made across the plurality of computers in an organization.
According to another aspect, this disclosure provides a computerized system for complying with certain critical infrastructure protection requirements. The system includes a non-transitory computer-readable medium having a computer program code stored thereon. A database is provided that includes one or more records that establishes baseline system configurations for a plurality of devices. A processor is in communication with the computer-readable memory configured to carry out instructions in accordance with the computer program code. When the processor executes the computer program code, it performs certain operations. One of the operations is collecting system information for a plurality of devices on a communications network. At least a portion of the devices for which system information is collected are cyber-critical assets. The collected system information for the plurality of devices is compared with the baseline system configurations stored in the database to determine whether any changes have been made. Whether changes have been made to any devices are reported responsive to the comparing step.
According to a further aspect, this disclosure provides a computerized system for complying with certain critical infrastructure protection requirements regarding a plurality of machines at least a portion of which are networked together. The system includes a collection host programmed with a configuration collection engine. The configuration collection engine is configured to gather system information from at least a portion of the machines on the network. A database is provided that has stored one or more records that establishes baseline system configurations for the plurality of machines on the network. The system also includes a reporting server configured to monitor for system changes to one or more of the plurality of machines on the network based on a comparison between system information gathered by the collection host and the baseline system configurations in the database. The reporting server is configured to periodically send a report over a communications network indicative of whether any system changes have been made to any of the plurality of machines.
Additional features and advantages of the invention will become apparent to those skilled in the art upon consideration of the following detailed description of the illustrated embodiment exemplifying the best mode of carrying out the invention as presently perceived. It is intended that all such additional features and advantages be included within this description and be within the scope of the invention.
Corresponding reference characters indicate corresponding parts throughout the several views. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principals of the invention. The exemplification set out herein illustrates embodiments of the invention, and such exemplification is not to be construed as limiting the scope of the invention in any manner.